PIX515 IPSec VPN NAT Issue

From: Joshua <joshualixin_at_gmail.com>
Date: Wed, 15 Apr 2009 23:21:12 -0700

Hi,

Company A just acquired Company B. I was asked to set up an IPSec VPN to allow B
to access A's internal network (172.16.0.0/22). Based on Company A's VPN
infrastructure, the subnet of interest assigned to Company B is 10.9.11.0/24.
Company B has its own subnet, 192.168.1.0/24. Without changing Company B's
subnet to 10.9.11.0/24, I am thinking of creating a "Temp" interface with
security level 50 (outside interface security is 0; inside interface security
is 100) and NATting 192.168.1.0/24 to 10.9.11.3/24. Company B is using a PIX 515.

The problem is that Company B NATs its traffic to the PIX 515 outside interface
for Internet access. So, if I put

access-list inside_nat0_outbound permit ip 192.168.1.0 255.255.255.0 172.16.0.0 255.255.252.0
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0

Can I still NAT traffic from 192.168.1.0 255.255.255.0 to 172.16.0.0
255.255.252.0 via the Temp interface address 10.9.11.3, since that traffic is
already defined as no-NAT?

access-list CompanyB_2_A permit ip 192.168.1.0 255.255.255.0 172.16.0.0 255.255.252.0
global (temp) 2 10.9.11.3
nat (inside) 2 access-list CompanyB_2_A

If this is not a good solution for the scenario, what is a better way to
work it out?

Thanks!

Joshua
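To see which of the two overlapping rules a flow from Company B's LAN would actually hit, here is an added example (not part of the original post, and not Cisco code): a small Python model of the documented PIX 6.x / pre-8.3 ASA outbound NAT order of operations (NAT exemption first, then static, then policy dynamic NAT, then regular dynamic NAT; the first stage that matches decides), loaded with the configuration quoted above. The host addresses 192.168.1.10, 172.16.1.5 and 8.8.8.8 are constructed test inputs, and `pools`, `lookup`, `posted_config` and `without_exemption` are names chosen for the model, not PIX commands. With the nat 0 exemption in place the model returns no-nat for the B-to-A flow, so the policy NAT through global 2 is never reached; with the exemption removed the same flow translates to 10.9.11.3 on the temp interface, while Internet-bound traffic still uses the outside interface address.

```python
"""Model of PIX 6.x / pre-8.3 ASA outbound NAT order of operations.

Added illustration, not code from the original post or from Cisco. It encodes
the documented lookup order for an outbound flow:

  1. NAT exemption       nat (if) 0 access-list ACL
  2. static NAT / PAT    static ...                   (none in the post, not modelled)
  3. policy dynamic NAT  nat (if) N access-list ACL   (N != 0)
  4. regular dynamic NAT nat (if) N NET MASK          (most specific network wins)

The first stage that matches decides; later stages are not consulted.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Net = ipaddress.IPv4Network


def net(cidr: str) -> Net:
    return ipaddress.ip_network(cidr, strict=False)


@dataclass
class AclEntry:
    src: Net
    dst: Net


@dataclass
class NatRule:
    kind: str                      # "exempt", "policy" or "regular"
    nat_id: int                    # the N in "nat (inside) N ..."
    acl: List[AclEntry] = field(default_factory=list)   # exempt / policy rules
    network: Optional[Net] = None  # regular rules


@dataclass
class Config:
    nat_rules: List[NatRule]
    pools: Dict[int, str]          # nat_id -> "iface:address" from "global (iface) N ..."


def acl_hit(acl: List[AclEntry], src, dst) -> bool:
    return any(src in e.src and dst in e.dst for e in acl)


def lookup(cfg: Config, src_ip: str, dst_ip: str) -> Tuple[str, Optional[str]]:
    """Return ("no-nat", None), ("nat", pool) or ("no-xlate", None)."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    # Stage 1: an exemption beats everything else for a matching flow.
    for r in cfg.nat_rules:
        if r.kind == "exempt" and acl_hit(r.acl, src, dst):
            return ("no-nat", None)
    # Stage 3: policy dynamic NAT, checked in configured order (stage 2 has no rules here).
    for r in cfg.nat_rules:
        if r.kind == "policy" and acl_hit(r.acl, src, dst):
            return ("nat", cfg.pools[r.nat_id])
    # Stage 4: regular dynamic NAT, longest matching source network wins.
    regular = [r for r in cfg.nat_rules if r.kind == "regular" and src in r.network]
    if regular:
        best = max(regular, key=lambda r: r.network.prefixlen)
        return ("nat", cfg.pools[best.nat_id])
    # A flow with no translation rule at all gets no xlate on these platforms.
    return ("no-xlate", None)


# Networks and pools taken from the post; the flow of interest is B's LAN to A's LAN.
B_LAN = net("192.168.1.0/24")
A_LAN = net("172.16.0.0/22")
POOLS = {1: "outside:interface", 2: "temp:10.9.11.3"}


def posted_config() -> Config:
    """The post's configuration: nat 0 and nat 2 carry identical ACLs."""
    b_to_a = [AclEntry(B_LAN, A_LAN)]
    return Config(
        nat_rules=[
            NatRule("exempt", 0, acl=list(b_to_a)),           # nat (inside) 0 access-list inside_nat0_outbound
            NatRule("regular", 1, network=net("0.0.0.0/0")),  # nat (inside) 1 0.0.0.0 0.0.0.0
            NatRule("policy", 2, acl=list(b_to_a)),           # nat (inside) 2 access-list CompanyB_2_A
        ],
        pools=dict(POOLS),
    )


def without_exemption() -> Config:
    """Same configuration with the overlapping nat 0 exemption removed."""
    cfg = posted_config()
    cfg.nat_rules = [r for r in cfg.nat_rules if r.kind != "exempt"]
    return cfg


if __name__ == "__main__":
    # Constructed sample hosts: a Company B PC talking to a Company A server and to a public address.
    for label, cfg in (("as posted", posted_config()), ("exemption removed", without_exemption())):
        for dst in ("172.16.1.5", "8.8.8.8"):
            print(f"{label:18} 192.168.1.10 -> {dst:12} {lookup(cfg, '192.168.1.10', dst)}")
```

On the box itself, `show xlate` after a Company B host has sent traffic to 172.16.0.0/22 shows which translation, if any, was built; with the nat 0 exemption present the model predicts no xlate for that flow, which is the symptom to look for. The model keeps policy rules in configured order and does not cover `static` entries, so it is a check on precedence, not a full PIX emulator.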

Blogs and organic groups at http://www.ccie.net
Received on Wed Apr 15 2009 - 23:21:12 ART